| Commit message (Expand) | Author | Age |
|---|
| * | Work correctly if your nameserver is ::1•••We had all the code in place to handle this right... except that we
were unconditionally opening a PF_INET socket instead of looking at
sa_family. Ow.
Fixes bug 2574; not a bugfix on any particular version, since this
never worked before.
| Nick Mathewson | 2011-05-23 |
| * | Fix a failure case of connection_ap_handshake_attach_circuit()•••tor_fragile_assert() might be a no-op, so we have to return something
here to indicate failure to the caller.
| Sebastian Hahn | 2011-04-28 |
| * | Fix a bug introduced by purging rend_cache on NEWNYM•••If the user sent a SIGNAL NEWNYM command after we fetched a rendezvous
descriptor, while we were building the introduction-point circuit, we
would give up entirely on trying to connect to the hidden service.
Original patch by rransom slightly edited to go into 0.2.1
| Robert Ransom | 2011-04-28 |
| * | Allow rend_client_send_introduction to fail transiently•••i.e. without closing the AP connection.
| Robert Ransom | 2011-04-28 |
| * | Forget all rendezvous client state on SIGNAL NEWNYM | Robert Ransom | 2011-04-28 |
| * | Make SIZE_T_CEILING unsigned; add a signed SSIZE_T_CEILING•••None of the comparisons were _broken_ previously, but avoiding
signed/unsigned comparisons makes everybody happier.
Fixes bug2475.
| Nick Mathewson | 2011-04-26 |
| * | Fix a bug in removing DNSPort requests from their circular list•••Under heavy load, this could result in an assertion failure. Fix for
bug 2933; bugfix on 0.2.0.10-alpha.
| Nick Mathewson | 2011-04-21 |
| * | Merge remote-tracking branch 'rransom/bug2750-v3' into maint-0.2.1 | Nick Mathewson | 2011-04-19 |
| |\ |
|
| | * | Add an XXX | Robert Ransom | 2011-04-18 |
| | * | Correct the warning emitted when rejecting an oversized HS desc | Robert Ransom | 2011-04-18 |
| * | | Ouch: correctly tabify the micro-revision.i target in Makefile.am (0.2.1 only) | Nick Mathewson | 2011-04-19 |
| |/ |
|
| * | Merge remote-tracking branch 'public/bug2402_again' into maint-0.2.1 | Nick Mathewson | 2011-04-06 |
| |\ |
|
| | * | Backport: Generate version tags using Git, not (broken) svn revisions.•••Partial backport of daa0326aaaa85a760be94ee2360cfa61a9fb5be2 .
Resolves bug 2402. Bugfix on 0.2.1.15 (for the part where we switched to
git) and on 0.2.1.30 (for the part where we dumped micro-revisions.)
| Nick Mathewson | 2011-03-11 |
| | * | Revert "Simplest fix to bug2402: do not include SVN versions"•••This reverts commit a1073ee956021ead19d30c2151510dbaced416a8.
Apparently, we totally misunderstood how the debian packages were using
microrevisions. Better fix that!
| Nick Mathewson | 2011-03-11 |
| * | | switch to the apr 2011 geoip db | Roger Dingledine | 2011-04-04 |
| * | | Fix a compile warning when using clang•••Issue noticed by Steven Murdoch; fixes bug 2689. The cast didn't do
anything, and we don't need to look at the return value of the function
here.
| Sebastian Hahn | 2011-03-15 |
| * | | we're not reachable if we don't have a routerinfo yet | Roger Dingledine | 2011-03-13 |
| |/ |
|
| * | move to march 2011 geoip file | Roger Dingledine | 2011-03-08 |
| * | Avoid crash in any_pending_bridge_descriptor_fetches•••This is based on shitlei's fix for bug2629, with extra parens removed.
Fixes bug 2629, bugfix on 0.2.1.2-alpha.
| Nick Mathewson | 2011-03-08 |
| * | Merge branch 'real_ipv6_fix' into maint-0.2.1 | Nick Mathewson | 2011-03-06 |
| |\ |
|
| | * | Oops, here's the *REAL* fix for the ipv6 issue•••We need to _REJECT_ descriptors with accept6/reject6 lines. If we
let them onto the network , other un-upgraded tors will crash.
| Nick Mathewson | 2011-03-06 |
| | * | Revert "Disallow reject6 and accept6 lines in descriptors"•••This reverts commit b3918b3bbbfa9097246d63746c8b540eff2ec8e8.
| Nick Mathewson | 2011-03-06 |
| * | | Merge branch 'careful_with_all_descs' into maint-0.2.1 | Nick Mathewson | 2011-03-06 |
| |\ \
| |/
|/| |
|
| | * | Do not serve encrypt-only descriptors with the "all" request. Reported by pie... | Nick Mathewson | 2011-03-04 |
| * | | exit_policy_is_general_exit is IPv4 only; it should admit it. | Nick Mathewson | 2011-03-06 |
| * | | Disallow reject6 and accept6 lines in descriptors•••This fixes a remotely triggerable assert on directory authorities, who
don't handle descriptors with ipv6 contents well yet. We will want to
revert this once we're ready to handle ipv6.
Issue raised by lorth on #tor, who wasn't able to use Tor anymore.
Analyzed with help from Christian Fromme. Fix suggested by arma. Bugfix
on 0.2.1.3-alpha.
| Sebastian Hahn | 2011-03-06 |
| |/ |
|
| * | Merge remote branch 'public/bug1859_021' into maint-0.2.1 | Nick Mathewson | 2011-02-22 |
| |\ |
|
| | * | Fix a remaining bug in Robert's bug1859 fix.•••When intro->extend_info is created for an introduction point, it
only starts out with a nickname, not necessarily an identity digest.
Thus, doing router_get_by_digest isn't necessarily safe.
| Nick Mathewson | 2010-11-12 |
| | * | Issues with router_get_by_nickname()•••https://trac.torproject.org/projects/tor/ticket/1859
Use router_get_by_digest() instead of router_get_by_hexdigest()
in circuit_discard_optional_exit_enclaves() and
rend_client_get_random_intro(), per Nick's comments.
Using router_get_by_digest() in rend_client_get_random_intro() will
break hidden services published by Tor versions pre 0.1.2.18 and
0.2.07-alpha as they only publish by nickname. This is acceptable
however as these versions only publish to authority tor26 and
don't work for versions in the 0.2.2.x series anyway.
| Robert Hogan | 2010-11-12 |
| | * | Issues with router_get_by_nickname()•••https://trac.torproject.org/projects/tor/ticket/1859
There are two problems in this bug:
1. When an OP makes a .exit request specifying itself as the exit, and the exit
is not yet listed, Tor gets all the routerinfos needed for the circuit but
discovers in circuit_is_acceptable() that its own routerinfo is not in the
routerdigest list and cannot be used. Tor then gets locked in a cycle of
repeating these two steps. When gathering the routerinfos for a circuit,
specifically when the exit has been chosen by .exit notation, Tor needs to
apply the same rules it uses later on when deciding if it can build a
circuit with those routerinfos.
2. A different bug arises in the above situation when the Tor instance's
routerinfo *is* listed in the routerlist, it shares its nickname with a
number of other Tor nodes, and it does not have 'Named' rights to its
nickname.
So for example, if (i) there are five nodes named Bob in the network, (ii) I
am running one of them but am flagged as 'Unnamed' because someone else
claimed the 'Bob' nickname first, and (iii) I run my Tor as both client
and exit the following can happen to me:
- I go to www.evil.com
- I click on a link www.evil.com.bob.exit
- My request will exit through my own Tor node rather than the 'Named'
node Bob or any of the others.
- www.evil.com now knows I am actually browsing from the same computer
that is running my 'Bob' node
So to solve both issues we need to ensure:
- When fulfilling a .exit request we only choose a routerinfo if it exists in
the routerlist, even when that routerinfo is ours.
- When getting a router by nickname we only return our own router information
if it is not going to be used for building a circuit.
We ensure this by removing the special treatment afforded our own router in
router_get_by_nickname(). This means the function will only return the
routerinfo of our own router if it is in the routerlist built from authority
info and has a unique nickname or is bound to a non-unique nickname.
There are some uses of router_get_by_nickname() where we are looking for the
router by name because of a configuration directive, specifically local
declaration of NodeFamilies and EntryNodes and other routers' declaration of
MyFamily. In these cases it is not at first clear if we need to continue
returning our own routerinfo even if our router is not listed and/or has a
non-unique nickname with the Unnamed flag.
The patch treats each of these cases as follows:
Other Routers' Declaration of MyFamily
This happens in routerlist_add_family(). If another router declares our router
in its family and our router has the Unnamed flag or is not in the routerlist
yet, should we take advantage of the fact that we know our own routerinfo to
add us in anyway? This patch says 'no, treat our own router just like any
other'. This is a safe choice because it ensures our client has the same view
of the network as other clients. We also have no good way of knowing if our
router is Named or not independently of the authorities, so we have to rely on
them in this.
Local declaration of NodeFamilies
Again, we have no way of knowing if the declaration 'NodeFamilies
Bob,Alice,Ringo' refers to our router Bob or the Named router Bob, so we have
to defer to the authorities and treat our own router like any other.
Local declaration of NodeFamilies
Again, same as above. There's also no good reason we would want our client to
choose it's own router as an entry guard if it does not meet the requirements
expected of any other router on the network.
In order to reduce the possibility of error, the patch also replaces two
instances where we were using router_get_by_nickname() with calls to
router_get_by_hexdigest() where the identity digest of the router
is available.
| Robert Hogan | 2010-11-12 |
| * | | Merge remote branch 'public/bug2402_nothing' into maint-0.2.1 | Nick Mathewson | 2011-02-22 |
| |\ \ |
|
| | * | | Simplest fix to bug2402: do not include SVN versions•••When we stopped using svn, 0.2.1.x lost the ability to notice its svn
revision and report it in the version number. However, it kept
looking at the micro-revision.i file... so if you switched to master,
built tor, then switched to 0.2.1.x, you'd get a micro-revision.i file
from master reported as an SVN tag. This patch takes out the "include
the svn tag" logic entirely.
Bugfix on 0.2.1.15-rc; fixes bug 2402.
| Nick Mathewson | 2011-01-25 |
| * | | | fix the other half of bug 1074 | Roger Dingledine | 2011-02-10 |
| * | | | Make the DH parameter we use for TLS match the one from Apache's mod_ssl•••Our regular DH parameters that we use for circuit and rendezvous
crypto are unchanged. This is yet another small step on the path of
protocol fingerprinting resistance.
(Backport from 0.2.2's 5ed73e3807d90dd0a3)
| Nick Mathewson | 2011-02-10 |
| * | | | Ignore and warn about "PublishServerDescriptor hidserv"•••Fixes #2408.
| Robert Ransom | 2011-02-09 |
| * | | | move the clause above the "if bw is too low" check | Roger Dingledine | 2011-02-07 |
| * | | | dtrt when only relaybandwidthburst is set•••fixes bug 2470
| Roger Dingledine | 2011-02-07 |
| * | | | Update to the February 1 2011 Maxmind GeoLite Country database. | Karsten Loesing | 2011-02-07 |
| * | | | Merge remote branch 'rransom/policy_summarize-assert' into maint-0.2.1 | Nick Mathewson | 2011-01-20 |
| |\ \ \ |
|
| | * | | | Fix bounds-checking in policy_summarize•••Found by piebeer.
| Robert Ransom | 2011-01-20 |
| | |/ / |
|
| * / / | Oops; actually add the code to the last patch. :/ | Nick Mathewson | 2011-01-19 |
| |/ / |
|
| * | | Fix a couple of non-cleared key issues in hidden services•••we need to do more hunting, but this fixes the ones mentioned in 2385.
| Nick Mathewson | 2011-01-15 |
| * | | Zero out some more key data before freeing it•••Found by cypherpunks; fixes bug 2384.
| Nick Mathewson | 2011-01-15 |
| * | | Merge branch 'bug2352_obsize' into maint-0.2.1 | Nick Mathewson | 2011-01-15 |
| |\ \ |
|
| | * | | catch another overlong malloc possibility. found by cypherpunks | Nick Mathewson | 2011-01-15 |
| | * | | Impose maximum sizes on parsed objects•••An object, you'll recall, is something between -----BEGIN----- and
-----END----- tags in a directory document. Some of our code, as
doorss has noted in bug 2352, could assert if one of these ever
overflowed SIZE_T_CEILING but not INT_MAX. As a solution, I'm setting
a maximum size on a single object such that neither of these limits
will ever be hit. I'm also fixing the INT_MAX checks, just to be sure.
| Nick Mathewson | 2011-01-10 |
| | * | | Add logic in routerparse to not read overlong private keys•••I am not at all sure that it is possible to trigger a bug here,
but better safe than sorry.
| Nick Mathewson | 2011-01-10 |
| * | | | Add missing check for hostname answer_len in dnsserv size•••This is checked elsewhere too, but let's be RFC-conformant.
| Nick Mathewson | 2011-01-15 |
| * | | | Merge branch 'bug2324_uncompress' into maint-0.2.1 | Nick Mathewson | 2011-01-15 |
| |\ \ \ |
|
| | * | | | clean up message; explain a magic number in a comment | Nick Mathewson | 2011-01-15 |